6 Jan
2005
6 Jan
'05
18:35
Hi, I'm running SuSe 9.2 and I have a user account in which I run KDE 3.4 CVS
HEAD. I have discovered a serious security flaw probably related to a bug in
Yast2 system:/ kioslave.
If you go to system:/ on Konqueror -> Settings -> Yast2 Modules, and try to
change anything, it doesn't asks you for a password , so any user can do
modifications the system without having the root password at all.
Please check http://bugs.kde.org/show_bug.cgi?id=96146 for more information on
this bug.
Greetings,
--
Mauricio Bahamonde